Lucene search
+L

4973 matches found

Veracode
Veracode
added 2 days ago9 views

Improper Access Control

github.com/julien040/anyquery is vulnerable to Improper Access Control. The vulnerability is due to missing input sanitization and insufficient access control over the built-in SQLite virtual table modules, which allows an unauthenticated attacker to create virtual tables that reference arbitrary...

5.5AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2 days ago9 views

Server-Side Request Forgery (SSRF)

github.com/julien040/anyquery, is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the server mode not restricting outbound HTTP requests initiated by its built-in SQLite virtual table modules such as jsonreader and logreader, which allows an unauthenticated attacker to...

5.3AI score
Exploits0References3Affected Software1
OSV
OSV
added 3 days ago6 views

GHSA-GGXF-9F6J-W742 Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

6.9CVSS6.2AI score
Exploits0References3
Veracode
Veracode
added 3 days ago7 views

Remote Code Execution (RCE)

github.com/julien040/anyquery, is vulnerable to Remote Code Execution RCE. The vulnerability is due to the server mode allowing unrestricted use of native SQLite ATTACH DATABASE commands, which allows an unauthenticated attacker to write arbitrary files to writable locations on the filesystem and...

6.6AI score0.00416EPSS
Exploits0References2Affected Software1
OSV
OSV
added 4 days ago4 views

CVE-2026-49279 WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler (CVE-2026-43874 Bypass)

WWBN AVideo is an open source video platform. Versions 29.0 and below contain a Stored XSS vulnerability through the autoEvalCodeOnHTML parameter in the MessageSQLite WebSocket Handler. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from...

7.7CVSS6.3AI score0.00327EPSS
Exploits0References4
CVE
CVE
added 4 days ago25 views

CVE-2026-49279

CVE-2026-49279 (WWBN AVideo) describes a stored XSS in the WebSocket messaging system. The vulnerability arises because MessageSQLite.php only strips autoEvalCodeOnHTML from json["msg"], while msgToResourceId() favors json over msg, allowing an attacker to place the payload in json and bypass san...

7.7CVSS6.3AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-46421

The SAP Cloud Application Programming Model is a tool for building enterprise-grade cloud applications, and cap-js/cds-dbs is the monorepo for SQL database services for that tool. On April 29, 2026, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected]....

9.3CVSS0.00384EPSS
Exploits0References4
CVE
CVE
added 4 days ago21 views

CVE-2026-46421

The CVE concerns a supply-chain compromise in the SAP Cloud Application Programming Model’s cap-js/cds-dbs monorepo. On 2026-04-29, compromised versions of @cap-js/[email protected], @cap-js/[email protected], and @cap-js/[email protected] were published; these malicious packages harvested credentials (n...

9.3CVSS6.1AI score0.00384EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-60096

Name of the Vulnerable Software and Affected Versions nebula-mesh affected versions not specified Description Operator session tokens are stored in plaintext within the token column of the operator sessions table. These tokens are 32-byte random hex values sent via cookies and remain valid for 24...

7.1CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-60103

Name of the Vulnerable Software and Affected Versions Anyquery affected versions not specified Description When operated in server mode, the software lacks input sanitization and access control for its built-in SQLite virtual table modules, such as csv reader and log reader. Unauthenticated...

7.5CVSS6.1AI score
Exploits0References5
OSV
OSV
added 6 days ago5 views

MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago10 views

Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago12 views

Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
OSV
OSV
added 6 days ago2 views

MAL-2026-10448 Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
EUVD
EUVD
added 2026/07/10 7:26 p.m.7 views

EUVD-2026-39124

SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-50813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset...

6.1CVSS6.1AI score0.00111EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-50812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can...

5.5CVSS6.1AI score0.00112EPSS
Exploits0References3
CVE
CVE
added 2026/07/09 11:42 p.m.14 views

CVE-2026-50180

Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 11:42 p.m.4 views

CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS6.2AI score0.00686EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 6:16 p.m.14 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS0.00111EPSS
Exploits0References3
Rows per page
Query Builder